×

Get the Best GovCon News Straight to your Inbox

Only read what's relevant to you

Potomac officers club sends personalized News and Updates straight to your inbox

*By clicking "Join us now" you agree to receive emails, promotions and general messages from Potomac Officers Club. In addition, you also agree to Potomac Officers Club's Privacy Policy and Terms & Conditions.

x

Cybersecurity

CISA Nearing Completion of Zero Trust Architecture Guidance

Cybersecurity guidance

CISA Nearing Completion of Zero Trust Architecture Guidance

The Cybersecurity and Infrastructure Security Agency is finishing up several guidance documents that would help organizations transition to a zero trust environment.

John Simms, deputy branch chief of CISA’s Cybersecurity Assurance Branch, said during an ATARC panel event that there is a necessary shift from a network-centric way of approaching cybersecurity and visibility. He shared that the documents and other efforts that the cybersecurity agency is taking up will help agencies adopt a more data-centric way of tackling security matters.

Since the start of September, CISA and the Office of Management and Budget have rolled out the draft zero trust strategy, the draft cloud security technical reference architecture and the draft zero trust maturity model. According to Simms, the guidelines were created after President Joe Biden signed an executive order that focused on cybersecurity. The EO required CISA to change expectations for zero trust architecture and the services the agency provides to emphasize the concepts of zero trust at the application and data layers, Federal News Network reported.

The CISA official shared that the organization focused on how zero trust architecture would work with the National Institute of Standards and Technology‘s Special Publication 800-53, which focuses on security and privacy controls for information systems and organizations. According to Simms, there is a significant difference between CISA’s view of the cybersecurity architecture and how inspectors general would assess agencies about their cybersecurity implementations.

The Department of Homeland Security component is also working with the Federal Chief Information Officer Council, the NIST and the Council of IG on Integrity and Efficiency about the relation of zero trust and SP 800-53. CISA will also use the Continuous Diagnostics and Mitigation Program to help agencies achieve zero trust.

GovCon Wire Logo

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Category: Cybersecurity

Tags: cybersecurity Cybersecurity and Infrastructure Security Agency cybersecurity environment Department of Homeland Security Federal News Network John Simms National Institute of Standards and Security zero trust